Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
RCE: prevent bypass rule 930120 (PL3) #1136
Referencing to #1131 this rule, added on
A POC was sent to email@example.com in order to not sharing on GitHub critical information about how to bypass the whole rule set to exploit a RCE.
At the time, I've placed this rule in PL3 because, unfortunately, it could lead to many false positives.
referenced this pull request
Jul 9, 2018
Well, I thought of
It is really hard to tell for me which additional variables should be checked. I think you need to think about the backends that could be affected. How are they typically reading and parsing cookies? And maybe check with other rules if they cover it too.
This also needs a test added so that it can be merged. @theMiddleBlue can you help with that if you have questions I can walk you through how to add tests on IRC or. https://coreruleset.org/20171214/practical-ftw-testing-the-core-rule-set-or-any-other-waf/